AboutWeb’s Security Architect, Dave Epler, gave a demonstration on ColdFusion’s security vulnerabilities at the Adobe ColdFusion Summit in Las Vegas, Nevada last weekend. The hour long presentation utilized sqlmap and BeFF (Browser Exploitation Framework) to show how web penetration testers and hackers could mount their attacks. By approaching the issue from the hacking side as opposed to merely the solutions, the presentation helped attendees gain a deeper insight into these vulnerabilities.
More information can be found at: http://cfsummit.adobeevents.com/schedule/sessions/web_penetration_hacking_tools.html